CVE-2025-56219
BaseFortify
Publication date: 2025-10-20
Last updated on: 2025-10-27
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ascertia | signinghub | to 8.6.8 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in SigningHub v8.6.8 is due to incorrect access control on the Add User API, which lacks rate limiting. This allows attackers to rapidly and arbitrarily create a large number of user accounts, potentially leading to resource exhaustion and a Denial of Service (DoS) condition. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an attacker to exhaust system resources through the automated creation of many user accounts. This can cause database bloating and ultimately result in a Denial of Service (DoS), making the service unavailable or degraded. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can focus on monitoring the Add User API usage for unusually high or rapid account creation attempts, as the vulnerability allows attackers to create many user accounts without rate limiting. Specific commands are not provided in the resources, but network or application logs should be analyzed for excessive Add User API calls or spikes in user account creation. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves implementing rate limiting on the Add User API to prevent automated rapid creation of user accounts. Additionally, upgrading SigningHub to a version later than 8.6.8 where the vulnerability is fixed is recommended. [1]